[Git][security-tracker-team/security-tracker][master] Update information for CVE-2018-2036{3,4,5}/libraw

Thu Jan 10 22:27:06 GMT 2019

Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
1068bfea by Salvatore Bonaccorso at 2019-01-10T22:25:21Z
Update information for CVE-2018-2036{3,4,5}/libraw

Issue was not completely fixed upstream with the
https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
but left one still an issue with half_size=1. Adressed in a followup
commit
https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
..

Update fixed version to 0.19.2-2 as it is the version containing the
full set of fixes with the same underlying issue over all three CVEs.

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -6410,19 +6410,22 @@ CVE-2018-20367 (The "mall some commodity details: commodity consultation&qu
 CVE-2018-20366
 	RESERVED
 CVE-2018-20365 (LibRaw::raw2image() in libraw_cxx.cpp has a heap-based buffer overflow. ...)
-	- libraw 0.19.2-1 (bug #917111)
+	- libraw 0.19.2-2 (bug #917111)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/195
-	NOTE: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
 	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
 CVE-2018-20364 (LibRaw::copy_bayer in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL ...)
-	- libraw 0.19.2-1 (bug #917112)
+	- libraw 0.19.2-2 (bug #917112)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/194
-	NOTE: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
 	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
 CVE-2018-20363 (LibRaw::raw2image in libraw_cxx.cpp in LibRaw 0.19.1 has a NULL pointer ...)
-	- libraw 0.19.2-1 (bug #917113)
+	- libraw 0.19.2-2 (bug #917113)
 	NOTE: https://github.com/LibRaw/LibRaw/issues/193
-	NOTE: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Fixed by: https://github.com/LibRaw/LibRaw/commit/7e29b9f29449fde30cc878fbb137d61c14bba3a4
+	NOTE: Additionally needed: https://github.com/LibRaw/LibRaw/commit/a7c17cb6bbec1e79f058d84511f9c3b142cbdfa7
 	NOTE: CVE-2018-20363, CVE-2018-20364 and CVE-2018-20365 have same root cause
 CVE-2018-20362 (A NULL pointer dereference was discovered in ifilter_bank of ...)
 	- faad2 <unfixed> (low)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1068bfeabc02628b58a99c9d266e1c911753d2bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/commit/1068bfeabc02628b58a99c9d266e1c911753d2bd
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20190110/c8d1ba9b/attachment-0001.html>
